Lucene search
K

121 matches found

Positive Technologies
Positive Technologies
added 2022/10/17 12:0 a.m.3 views

PT-2022-21530 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.2 through 15.2.4 GitLab EE versions 15.3 through 15.3.3 GitLab EE versions 15.4 through 15.4.0 Description: The issue is related to a lack of IP address checking in GitLab EE, which allows a group member to bypass IP...

5.3CVSS4.8AI score0.00439EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2022/08/05 12:0 a.m.7 views

PT-2022-10583 · Starfish · The Rich Reviews By Starfish

Name of the Vulnerable Software and Affected Versions: Rich Reviews by Starfish plugin versions = 1.9.14 Description: A Cross-Site Request Forgery CSRF issue allows an attacker to delete reviews. Recommendations: For Rich Reviews by Starfish plugin versions = 1.9.14, update to a version higher th...

5.4CVSS4.6AI score0.00274EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/06/27 12:0 a.m.8 views

CVE-2022-31091 Change in port should be considered a change in origin in Guzzle

Guzzle, an extensible PHP HTTP client. Authorization and Cookie headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the Authorization and Cookie headers...

7.7CVSS7.4AI score0.0138EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2022/05/01 11:57 p.m.13 views

Joomla! doesn't configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs

Joomla! before 1.5.4 does not configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs, which has unknown impact and remote attack vectors...

7.5CVSS7AI score0.01164EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/08/25 10:34 a.m.13 views

SUSE-SU-2021:2838-1 Security update for jetty-minimal

This update for jetty-minimal fixes the following issues: - Update to version 9.4.43.v20210629 - CVE-2021-34429: URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. bsc1188438...

5.3CVSS5.9AI score0.99298EPSS
Exploits6References3
OSV
OSV
added 2021/07/11 7:30 a.m.5 views

OPENSUSE-SU-2021:2274-1 Security update for kubevirt

This update for kubevirt fixes the following issues: General: - Updated kubevirt to version 0.40.0 - Fixed an issue when calling virsh-domcapabilities - Fixed the the wrong registry path for containers. Security fixes: - CVE-2021-20286: A flaw was found in libnbd 1.7.3. An assertion failure in...

4CVSS3.4AI score0.01114EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.31 views

NewStart CGSL MAIN 6.01 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0036)

The remote NewStart CGSL host, running version MAIN 6.01, has thunderbird packages installed that are affected by multiple vulnerabilities: - By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This...

10CVSS8.2AI score0.06305EPSS
Exploits1References11
exploitpack
exploitpack
added 2016/10/13 12:0 a.m.17 views

RSS News AutoPilot Script 1.0.13.1.0 - Admin Panel Authentication Bypass

RSS News AutoPilot Script 1.0.13.1.0 - Admin Panel Authentication Bypass Exploit Title: RSS News AutoPilot Script - Admin Panel Authentication Bypass Date: 14 October 2016 Exploit Author: Arbin Godar Website : ArbinGodar.com Software Link:...

0.4AI score
Exploits0
hackapp
hackapp
added 2016/04/01 8:49 a.m.6 views

Calibre Companion Demo Version - Customized SSL, Dangerous filesystem permissions vulnerabilities

HackApp vulnerability scanner discovered that application Calibre Companion Demo Version published at the 'play' market has multiple vulnerabilities...

1.4AI score
Exploits0References1Affected Software1
OSV
OSV
added 2015/01/16 4:59 p.m.9 views

CVE-2014-1949

GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button...

6.2AI score
Exploits0References10
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.13 views

GeeCarts - view.php id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28470/info GeeCarts is prone to multiple input-validation vulnerabilities, including remote file-include and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issu...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2012/09/15 12:0 a.m.31 views

Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : dhcp (SSA:2012-258-01)

New dhcp packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2012-258-01. The text itse...

7.1CVSS6.3AI score0.21653EPSS
Exploits0References2
CISA
CISA
added 2010/03/08 12:0 a.m.15 views

Energizer DUO USB Battery Charger Software Allows Remote System Access

US-CERT is aware of a backdoor in the software for the Energizer DUO USB battery charger. This backdoor may allow a remote attacker to list directories, send and receive files, and execute programs on an affected system. The software, which has been discontinued, was available for both Windows an...

6.9AI score
Exploits0References1
Atlassian
Atlassian
added 2009/08/10 3:15 a.m.24 views

Update of jcaptcha

Update version of jcaptcha that we use...

1.4AI score
Exploits0Affected Software1
OSV
OSV
added 2005/05/02 4:0 a.m.5 views

CVE-2005-0071

vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files...

6.4AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2004/11/02 12:0 a.m.11 views

PHPList < 2.6.5 Multiple Remote Vulnerabilities

Binary data 2378.prm...

5CVSS7.3AI score0.01076EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2004/09/17 12:0 a.m.37 views

Apache <= 1.3.33 htpasswd Local Overflow

The remote host appears to be running Apache 1.3.33 or older. There is a local buffer overflow in the 'htpasswd' command in these versions that may allow a local user to gain elevated privileges if 'htpasswd' is run setuid or a remote user to run arbitrary commands remotely if the script is...

6.1AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.11 views

IBM DB2 9.1 < 9.1 Fix Pack 7 / 9.5 < 9.5 Fix Pack 4 Multiple Vulnerabilities

Binary data 5043.prm...

4.3CVSS7.3AI score0.01972EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.13 views

Gaim < 0.82 Multiple Overflows

Binary data 2159.prm...

7.5CVSS7.3AI score0.05427EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2000/07/15 12:0 a.m.53 views

CVSweb 1.80 cvsweb.cgi Arbitrary Command Execution

The version of CVSweb on the remote host is = 1.85. This version allows a remote attacker to execute arbitrary commands in the context of the web server. This version of CVSweb is no longer maintained. Please consider switching to the latest version of FreeBSD CVSweb. %NASLMINLEVEL 70300 C Tenabl...

7.2CVSS6AI score0.05606EPSS
Exploits1References3
Rows per page
Query Builder